File storage file systems should be encrypted with a Customer Managed Key (CMK)

oci-file-storage
Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Description

Oracle Cloud Infrastructure (OCI) File Storage file systems should be encrypted with a Customer Managed Key (CMK) to provide enhanced security and control over encryption key lifecycle management. By default, File Storage file systems are encrypted with Oracle-managed keys, but using Customer Managed Keys provides additional security benefits including key rotation control, access logging, and the ability to disable keys when needed.

This rule checks the kms_key_id configuration of OCI File Storage file systems and fails when file systems are not configured with a Customer Managed Key.

Remediation

To configure your OCI File Storage file system with CMK encryption, you need to specify a valid kms_key_id from Oracle Cloud Infrastructure Vault service. For guidance on configuring File Storage file system encryption with CMKs, refer to the File Storage Encryption section of the Oracle Cloud Infrastructure Documentation.